2018-10-05 21:48:36 +00:00
|
|
|
package authority
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/x509"
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Root returns the certificate corresponding to the given SHA sum argument.
|
|
|
|
func (a *Authority) Root(sum string) (*x509.Certificate, error) {
|
|
|
|
val, ok := a.certificates.Load(sum)
|
|
|
|
if !ok {
|
|
|
|
return nil, &apiError{errors.Errorf("certificate with fingerprint %s was not found", sum),
|
2019-07-29 18:56:14 +00:00
|
|
|
http.StatusNotFound, apiCtx{}}
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
crt, ok := val.(*x509.Certificate)
|
|
|
|
if !ok {
|
2019-01-05 01:51:32 +00:00
|
|
|
return nil, &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
|
2019-07-29 18:56:14 +00:00
|
|
|
http.StatusInternalServerError, apiCtx{}}
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
|
|
|
return crt, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetRootCertificate returns the server root certificate.
|
|
|
|
func (a *Authority) GetRootCertificate() *x509.Certificate {
|
2019-01-07 23:30:28 +00:00
|
|
|
return a.rootX509Certs[0]
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetRootCertificates returns the server root certificates.
|
2019-01-15 02:09:06 +00:00
|
|
|
//
|
|
|
|
// In the Authority interface we also have a similar method, GetRoots, at the
|
|
|
|
// moment the functionality of these two methods are almost identical, but this
|
|
|
|
// method is intended to be used internally by CA HTTP server to load the roots
|
|
|
|
// that will be set in the tls.Config while GetRoots will be used by the
|
|
|
|
// Authority interface and might have extra checks in the future.
|
2019-01-07 23:30:28 +00:00
|
|
|
func (a *Authority) GetRootCertificates() []*x509.Certificate {
|
|
|
|
return a.rootX509Certs
|
2018-10-05 21:48:36 +00:00
|
|
|
}
|
2019-01-05 01:51:32 +00:00
|
|
|
|
2019-01-08 01:48:56 +00:00
|
|
|
// GetRoots returns all the root certificates for this CA.
|
2019-01-15 02:09:06 +00:00
|
|
|
// This method implements the Authority interface.
|
2019-01-12 03:08:08 +00:00
|
|
|
func (a *Authority) GetRoots() ([]*x509.Certificate, error) {
|
2019-01-08 01:48:56 +00:00
|
|
|
return a.rootX509Certs, nil
|
|
|
|
}
|
|
|
|
|
2019-01-05 01:51:32 +00:00
|
|
|
// GetFederation returns all the root certificates in the federation.
|
2019-01-15 02:09:06 +00:00
|
|
|
// This method implements the Authority interface.
|
2019-01-12 03:08:08 +00:00
|
|
|
func (a *Authority) GetFederation() (federation []*x509.Certificate, err error) {
|
2019-01-05 01:51:32 +00:00
|
|
|
a.certificates.Range(func(k, v interface{}) bool {
|
|
|
|
crt, ok := v.(*x509.Certificate)
|
|
|
|
if !ok {
|
|
|
|
federation = nil
|
|
|
|
err = &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
|
2019-07-29 18:56:14 +00:00
|
|
|
http.StatusInternalServerError, apiCtx{}}
|
2019-01-05 01:51:32 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
federation = append(federation, crt)
|
|
|
|
return true
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|